Attorney Docket No. CISCO-8 126 

Amendments to the Claims:

The listing of claims will replace all prior versions and listings of claims in the 
application: 

Listing of Claims: 

Claims 1-7 (canceled). 

8. (Previously Presented) An apparatus for providing a single step log-on access for 
a subscriber of a computer network having a first area and a second area, said computer network 
including at least one Network Access Server (NAS) and at least one Authentication 
Authorization and Accounting (AAA) Server, said NAS providing access for the subscriber to 
said first area, said apparatus comprising: 

a Service Selection Gateway (SSG) Server providing access for the subscriber to the 
second area, said SSG Server connected between the NAS and the AAA Server, said SSG Server 
configured to: (1) receive an access-request packet from the NAS when the subscriber connects 
the NAS, (2) forward said access-request packet to the AAA Server, (3) receive an access-reply 
packet from the AAA Server in response to said access-request packet, (4) forward said
access-reply packet to the NAS, and (5) process information in said access-reply packet for enabling
said SSG Server to automatically log the subscriber onto said SSG Server when the subscriber 
logs onto the NAS. 

9. (Previously Presented) The apparatus of claim 8, wherein the access-request 
packet includes user-name and password information for the subscriber. 

10. (Previously Presented) The apparatus of claim 9, wherein the SSG Server is
further configured to utilize the user-name and password information for the subscriber to initiate 
log-on for the subscriber to the second area. 

11. (Currently Amended) An apparatus for providing a subscriber with single step
log-on access to computer network having a first area and a second area, the apparatus 
comprising: 

a Service Selection Gateway (SSG) Server configured to: (1) intercept a log-on request 
packet from a Network Access Server (NAS), said log-on-request packet initiated by a user 
seeking to gain access to the first area, access to which is controlled by the NAS, and to the 
second area, access to which is controlled by the SSG Server, (2) send an authorization request 
packet derived from said intercepted log-on request packet to an Authentication, Authorization
and Accounting (AAA) Server, (3) receive an authorization packet from the AAA Server and 
responsive to the authorization request packet, and (4) process said log-on request packet and 
said authorization packet to enable said SSG Server to automatically log the subscriber on to the 
SSG Server for access to the second area when the subscriber logs on to the NAS. 

12. (Previously Presented) The apparatus of claim 11, wherein the log-on request is 
sent from the NAS. 

13. (Previously Presented) The apparatus of claim 11, wherein said SSG Server is 
further configured to utilize information contained in the log-on request to initiate log-on for the 
subscriber to the second area. 

14. (Previously Presented) An apparatus for providing a subscriber with single step
log-on access to a computer network having a first area and a second area, the apparatus 
comprising: 

a Service Selection Gateway (SSG) Server configured to: (1) intercept a log-on request 
initiated by the subscriber, (2) route the log-on request to an Authentication, Authorization and 
Accounting (AAA) Server to initiate log-on for the subscriber to the first area, (3) process an 
access-reply received from the AAA Server, (4) provide log-on access for the subscriber to the 
second area based on the access-reply, and (5) route the access-reply to a Network Access Server 
(NAS) to complete log-on for the subscriber to the first area. 

15. (Previously Presented) The apparatus of claim 14, wherein the log-on request is 
sent from the NAS. 

16. (Previously Presented) The apparatus of claim 14, wherein said SSG Server is 
further configured to utilize information contained in the log-on request to initiate log-on for the 
subscriber to the second area. 

17. (Previously Presented) An apparatus for providing a subscriber with single step 
log-on to a computer network differentiated into a plurality of areas, the apparatus comprising: 

a Service Selection Gateway (SSG) Server configured to: (1) receive an access-reply from 
an Authentication, Authorization and Accounting (AAA) server, (2) check the access-reply to 
determine if it contains a network address assigned by the AAA server to the subscriber, (3) log 
the subscriber on to the SSG with the assigned network address if the access-reply contains 
authorization to do so from the AAA server and if it contains a network address assigned by the
AAA server to the subscriber, and (4) forward the access-reply to a Network Access Server 
(NAS) so that the subscriber may log-on to the NAS with the assigned network address if the 
access-reply contains authorization to do so from the AAA server and if it contains a network 
address assigned by the AAA server to the subscriber. 

18. (Previously Presented) The apparatus of claim 17, wherein said SSG Server is 
further configured to: if the access-reply does not contain an assigned IP address, (5) log the 
subscriber on to the SSG with a temporary IP address if the access-reply contains authorization to 
do so from the AAA server, (6) assign a user identification to the subscriber, (7) forward the 
access-reply and the user identification to the NAS so that the subscriber may log-on to the NAS 
with a NAS-assigned network address if the access-reply contains authorization to do so from the 
AAA server, (8) receive from the NAS an accounting-start request identifying the NAS-assigned 
network address and the user identification, (9) replace the temporary IP address with the
NAS-assigned IP address, and (10) forward the accounting-start request to the AAA server.

19. (Previously Presented) The apparatus of claim 17, wherein said SSG Server is 
further configured to: (5) receive an access-request from the NAS, and (6) forward the
access-request to the AAA server.

20. (Previously Presented) The apparatus of claim 18, wherein the user identification 
is written into the access-reply packet as a Remote Authentication Dial-In User Service 
(RADIUS) attribute. 

21. (Previously Presented) The apparatus of claim 20, wherein the RADIUS attribute
is a RADIUS class attribute. 

22. (Previously Presented) The apparatus of claim 17, wherein the user identification 
is the temporary network address. 
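
Added illustration (not part of the filing and not Cisco code): a Python model of the access-reply and accounting-start handling recited in claims 17, 18 and 20-22, working on RADIUS-encoded bytes. Assumptions: the names `SSG`, `temp_pool`, `sessions`, `build` and `parse` are hypothetical; the "assigned network address" is taken to be the Framed-IP-Address attribute; sample packets are constructed with a zeroed authenticator, whereas a deployed proxy must recompute the Response Authenticator with the shared secret after adding the Class attribute.

```python
import ipaddress, struct
ACCESS_ACCEPT, ACCT_REQUEST = 2, 4                # RADIUS codes (RFC 2865/2866)
FRAMED_IP, CLASS, ACCT_STATUS_TYPE = 8, 25, 40    # RADIUS attribute types
ACCT_START = b"\x00\x00\x00\x01"                  # Acct-Status-Type = Start

def build(code, ident, attrs):
    """Encode a packet; authenticator zeroed (constructed sample, not signed)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, 20 + len(body), b"") + body

def parse(pkt):
    """Return (code, ident, [(type, value)]); reject inconsistent lengths."""
    code, ident, length, _ = struct.unpack("!BBH16s", pkt[:20])
    if length != len(pkt):
        raise ValueError("length field does not match packet size")
    attrs, i = [], 20
    while i < length:
        if i + 2 > length or pkt[i + 1] < 2 or i + pkt[i + 1] > length:
            raise ValueError("malformed attribute")
        attrs.append((pkt[i], pkt[i + 2:i + pkt[i + 1]]))
        i += pkt[i + 1]
    return code, ident, attrs

class SSG:
    def __init__(self, temp_pool):
        self.temp_pool = list(temp_pool)   # hypothetical temporary-address pool
        self.sessions = {}                 # session key -> subscriber address

    def on_access_reply(self, pkt):
        """Log the subscriber on; return the packet to forward to the NAS."""
        code, ident, attrs = parse(pkt)
        if code != ACCESS_ACCEPT:          # no authorization: no SSG session
            return pkt
        assigned = [v for t, v in attrs if t == FRAMED_IP and len(v) == 4]
        if not assigned:                   # claim 18 (5)-(7): temporary address
            temp = self.temp_pool.pop(0)   # claim 22: user id = temporary address
            self.sessions[temp.encode()] = temp
            return build(code, ident, attrs + [(CLASS, temp.encode())])  # claims 20-21
        addr = str(ipaddress.IPv4Address(assigned[0]))   # claim 17: AAA-assigned
        self.sessions[addr.encode()] = addr
        return pkt

    def on_accounting_request(self, pkt):
        """Claim 18 (8)-(10): swap in the NAS-assigned address, then forward."""
        code, _, attrs = parse(pkt)
        a = dict(attrs)
        if code == ACCT_REQUEST and a.get(ACCT_STATUS_TYPE) == ACCT_START:
            if a.get(CLASS) in self.sessions and len(a.get(FRAMED_IP, b"")) == 4:
                self.sessions[a[CLASS]] = str(ipaddress.IPv4Address(a[FRAMED_IP]))
        return pkt
```

Because the Class value is echoed back by the NAS and used as a session key, an implementation should accept accounting-start requests only from authenticated NAS peers.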